CVE-2026-42431

OpenClaw contains a vulnerability where node.invoke(browser.proxy) bypasses the browser.request persistent profile‑mutation guard, enabling mutation of persistent browser profiles. Affected software: OpenClaw npm package, prior to 2026.4.8. Root cause: a security bypass path in node.invoke(browse...

CVE-2026-35653 OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

CVE-2026-35653

OpenClaw prior to 2026.3.24 contains an incorrect authorization flaw in POST /reset-profile. Authenticated callers with operator.write access to browser.request can bypass profile mutation restrictions, potentially stopping the running browser, closing Playwright connections, and moving profile d...

OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard

Impact OpenClaw node.invokebrowser.proxy bypasses browser.request persistent profile-mutation guard. node.invokebrowser.proxy could mutate persistent browser profiles through a path that bypassed the browser.request guard. OpenClaw is a user-controlled local assistant. This advisory is scoped to...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the browser.request function on the operator.write surface. An attacker can disrupt browser operations, terminate active browser sessions, and move the local...

GHSA-XP9R-PRPG-373R OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface

Fixed in OpenClaw 2026.3.24, the current shipping release. Title browser.request still allows POST /reset-profile through the operator.write surface in OpenClaw v2026.3.22 after GHSA-vmhq-cqm9-6p7q Severity Assessment High CWE: - CWE-863: Incorrect Authorization Proposed CVSS v3.1: - 8.1...

OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface

Fixed in OpenClaw 2026.3.24, the current shipping release. Title browser.request still allows POST /reset-profile through the operator.write surface in OpenClaw v2026.3.22 after GHSA-vmhq-cqm9-6p7q Severity Assessment High CWE: - CWE-863: Incorrect Authorization Proposed CVSS v3.1: - 8.1...

CVE-2026-32972

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...

PT-2026-28453

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description An authorization bypass exists that allows authenticated operators with operator.write permission to access admin-only browser profile management routes via browser.request. This allows attacker...

GHSA-VMHQ-CQM9-6P7Q OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

EUVD-2023-27037

Malicious code in bioql PyPI...

CVE-2024-56331 Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor

Uptime Kuma is an open source, self-hosted monitoring tool. An Improper URL Handling Vulnerability allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This vulnerability is triggered via the "real-browser" request type, which takes a screenshot of...

GHSA-2QGM-M29M-CJ2H uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor

Summary An Improper URL Handling Vulnerability allows an attacker to access sensitive local files on the server by exploiting the file:/// protocol. This vulnerability is triggered via the "real-browser" request type, which takes a screenshot of the URL provided by the attacker. By supplying loca...

Uptime Kuma 路径遍历漏洞

Uptime Kuma is an easy-to-use, self-hosted monitoring tool from the individual developer Louis Lam. A path traversal vulnerability exists in Uptime Kuma versions 1.23.0 through 1.23.15 and 2.0.0-beta.0, which stems from a lack of server-side validation and cleanup stemming from a URL field in the...

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. Splunk Cloud Platform and Splunk Enterprise ha...

spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client

A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client via the browser to the Authorization Server, an attacker can gain elevated privileges on the system...

CVE-2023-22934 SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language SPL command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user t...

CVE-2023-22940 SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language SPL command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...

Design/Logic Flaw

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation JSON lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the...